dsandall - 8:26 pm on Sep 23, 2004 (gmt 0)
You're right about checking files uploaded from the wild, but the checking now is done to ensure that it is a valid jpeg file (header check) and then, to be sure, there is some re-sizing done, so if it is not a jpeg, then, well, the code returns a fail on the upload and it is never posted as a graphic. In this new vulnerability, it is my impression that this virus is part of a valid jpeg, which is where my original query about the pattern matching comes in (which is what virus software does anyway, right?). Just in this case, there is no AV software running on the web server, just the upload manager that ensures the files are valid jpegs. Also, anyone know of a code chunk that can be scanned for to see if a jpeg contains this virus? Thanks again for comments,
Perhaps I am missing something, but my overall impression is that there is no reason to have virus scanning on a pure web server? Guess I just assumed when users are allowed to upload from the wild that a scan would happen on that stream. My mistake. You guessed right, I mainly do e-mail administration at the server level and AV. However the web farm, at our org., is not under my AV duties.
Dwayne
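
An added example, not part of the thread and not the poster's upload manager: a structural check that goes further than the header test described above by walking every JPEG marker segment up to the scan data and rejecting files whose segments declare impossible lengths. It is a format validation, not a signature for any particular malware; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# Markers that stand alone and carry no length field (TEM, RST0-RST7).
STANDALONE = {0x01} | set(range(0xD0, 0xD8))

def check_jpeg_segments(data: bytes):
    """Return (ok, reason) after walking marker segments up to SOS."""
    if data[:2] != b"\xff\xd8":
        return False, "missing SOI header"
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return False, f"expected marker at offset {pos}"
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1                      # skip 0xFF fill bytes
        if pos >= len(data):
            return False, "truncated at marker"
        marker = data[pos]
        pos += 1
        if marker == 0xD9:
            return False, "EOI before any scan data"
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            return False, "truncated length field"
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length field counts its own two bytes, so < 2 is never valid.
        if length < 2:
            return False, f"segment 0x{marker:02X} declares length {length}"
        if pos + length > len(data):
            return False, f"segment 0x{marker:02X} overruns file"
        if marker == 0xDA:
            return True, "segments valid up to SOS"
        pos += length
    return False, "no SOS segment found"

# Constructed samples: minimal byte strings, not real images.
GOOD = b"\xff\xd8" + b"\xff\xfe\x00\x04hi" + b"\xff\xda\x00\x02" + b"\xff\xd9"
BAD_LEN = b"\xff\xd8" + b"\xff\xfe\x00\x00" + b"\xff\xda\x00\x02" + b"\xff\xd9"
OVERRUN = b"\xff\xd8" + b"\xff\xe0\xff\xff"

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD_LEN", BAD_LEN), ("OVERRUN", OVERRUN)):
        print(name, check_jpeg_segments(blob))
```

Running this before the resize step means a file with a valid first two bytes but a malformed segment is rejected without being handed to an image library.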